>> Should I do that via an ssh config setting, in shorewall, or somewhere else? > > I believe the right way would be to add 'account required > pam_access.so' line to /etc/pam.d/system-auth and define login > restrictions in /etc/securety/access.conf (it's also quite well > documented). > > That way you'll block ssh/ftp/mail etc logins for that account, which > should also be prone to brutforce attacks because of weak password. > > The catch is, of course, that you should have pam on your system ;) > > -- > Mike Kazantsev // fraggod.net
Can anyone tell me how to find out which users on a system have a login shell (e.g. not /bin/nologin)? - Grant